Overview

overview

9

Static

static

3

Warehub_No...1).exe

windows7-x64

6

Warehub_No...1).exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    Warehub_Nova_New_Interface_9(1).exe

  • Size

    12.8MB

  • Sample

    231011-j11dtsag2w

  • MD5

    bda719bb15bfb020769ca3286ed546d5

  • SHA1

    a50fff9224aeedaa81bdc075d0414c26e5fcacde

  • SHA256

    e47cb33f11d4c2c8c7bc853e0a13ae38d1f762ea196ac31dd699a5d1dabcd8e2

  • SHA512

    c210d6f40ebcb12980bf2e096165c82d51f861be5e94cb001a1e66ada4e483d61662a8d1a0c31d2f55260f5bd99b8852822aad7cfa730e7218336ee22becabd2

  • SSDEEP

    196608:eCLzhlNSOMoR94Hk8IlUBFSmYPWZpQzznz+Yd4I2r0TEToTq9/WTkwPWUxsTBpYF:l/Nd8IlUBu2pi4I2rq3q9IgoM

Score
9/10
evasion

Malware Config

Targets

    • Target

      Warehub_Nova_New_Interface_9(1).exe

    • Size

      12.8MB

    • MD5

      bda719bb15bfb020769ca3286ed546d5

    • SHA1

      a50fff9224aeedaa81bdc075d0414c26e5fcacde

    • SHA256

      e47cb33f11d4c2c8c7bc853e0a13ae38d1f762ea196ac31dd699a5d1dabcd8e2

    • SHA512

      c210d6f40ebcb12980bf2e096165c82d51f861be5e94cb001a1e66ada4e483d61662a8d1a0c31d2f55260f5bd99b8852822aad7cfa730e7218336ee22becabd2

    • SSDEEP

      196608:eCLzhlNSOMoR94Hk8IlUBFSmYPWZpQzznz+Yd4I2r0TEToTq9/WTkwPWUxsTBpYF:l/Nd8IlUBu2pi4I2rq3q9IgoM

    Score
    9/10
    evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks